Daily Tech Digest - May 19, 2017

One thing that IT security experts agree on this week is that the WannaCry attacks have raised awareness around data security and systems vulnerabilities. “There have been more than 4,000 daily ransomware attacks since early 2016 – a 300 percent increase over 2015,” according to Scott Kinka, chief technology officer at Evolve IP. “Victims paid a total of more than $24 million to regain access to their data in 2015 alone.” But Kinka believes the WannaCry epidemic raises the stakes, and organizations that haven’t placed a top priority on data security in the past need to now. The WannaCry attack “represents a massive ransomware explosion, even by these standards,” Kinka says. “Truthfully, it is impossible to stop the ransomware epidemic. However, taking the right proactive and reactive measures can help mitigate the damage.”

In the past, people were playing with containers but not really betting their business on it. Now that they're starting to deploy them into production, security, manageability [and] lifecycle are more applicable now and you want a commercial-grade system to do commercial-grade containers in Linux. What we've done is containerize all of our products into a [Red Hat Enterprise Linux] container. With the Container Health Index, we scan the pieces of the OS that they've included … and tell them what shape it's in, if there's any known security vulnerabilities or any bugs and offer a newer version if available. We've done that for our own products and we're now exposing those tools to our partners so they can run containers they've built with our container kits. We're going to publish Container Health Index results on our portal.

One of the big announcements at I/O was Google Lens, a set of vision-based computing capabilities that seeks to understand what a user is looking at with their smartphone's camera, and help them take action based on that information. For example, a user can take a picture of a flower, and Lens will tell the user the kind of flower it is, Pichai said. Users will also be able to point their phone at a router, and it will connect them based on the given password. Google Lens will initially be rolled out to Google Assistant and Google Photos in the coming weeks. At last year's I/O, Pichai spoke about how computing was moving from mobile-first to AI-first, and that theme continued in 2017. Pichai said that Google is rethinking its computational architecture to build "AI-first data centers."

Some of the most pervasive stereotypes surround millennials, those who are roughly 20 to 35 years old, says William A. Schiemann, CEO of Metrus Institute. Schiemann says he's continually faced with clients' confusion and misunderstanding about generational differences, and the stereotypes that arise from this confusion. "What's amazing is how often organizational leaders that I regularly interview at the Metrus Institute try to label these younger employees as needy, coddled, technology snobs, unprepared for organizational life or scores of other attributes. But digging deeper, I'll ask if there are differences between their 20-to-25-year-olds and their 30-to-35-year-old millennials. 'Oh, yes! The older millennials have clearer goals, understand corporate organizations better, they're more educated' and on and on. Dial this back for a moment -- Of course! They're more mature and experienced by about ten years!" Schiemann says.

“DDoS scrubbing services primarily use commercial cloud-based solutions,” says Andrew Howard, CTO, Kudelski Security. These are the kinds of solutions that have sufficient resources to make such an approach work, given the size of the traffic and the scrubbing task. You can buy services that run all the time or services that you turn up when you see DDoS attacks coming on. “With as-needed services, you’ll see a delay between the time when you come under attack and the time the mitigation starts—but we’re talking about a delay of minutes, not hours,” says Rachel Kartch, Researcher, CERT Division, Software Engineering Institute, Carnegie Mellon University. ... “Hybrid services include an always-on, on-premise scrubbing device and rerouting for traffic to scrubbing centers when you come under heavy attack,” says Kartch.

Firms must recognize and react to three uncomfortable truths. First, cyber risk evolves according to Moore’s Law. That’s a major reason that technology solutions alone can never keep pace with dynamic cyber threats. Second, as with all threat management, defense is a much harder role to play than offense. The offensive players only need to win once to wreak incalculable havoc on an enterprise. Third, and worst yet, attackers have patience and latency on their side. Firms can be lulled into a dangerous state of complacency by their defensive technologies, firewalls, and assurances of perfect cyber hygiene. The danger is in thinking that these risks can be perfectly “managed” through some sort of comprehensive defense system. It’s better to assume your defenses will be breached and to train your people in what to do when that happens.

Calls aside, the newly announced upgrade will bring Home a handful of other interesting flourishes. First, Home devices will soon harness your existing smartphone and TV screens to provide visual accompaniments to responses, as appropriate -- sending directions to your phone when you ask about the location of a business, for instance, or showing your calendar on a Chromecast-connected TV when you ask to see your agenda. It's a clever and very Googley way to accomplish what Amazon could do only by creating an entirely new product. Home will also soon gain what Google calls a "proactive assistance" feature. In short, the device will flash its lights when a timely and important message awaits -- like a pending reminder, a traffic delay relevant to your day at any given moment, or a status change for a flight you've booked. When you see the lights flashing, you simply say "Hey Google, what's up?" to get the info.

The stories are engaging. They raise legitimate, even alarming, concerns. But frankly, IoT testing always seemed like a specialized discipline to me. If you weren't building software for cars, big box home appliances or tiny wearable devices, its immediate relevance to quality assurance (QA) pros escaped me. For years, I heard and read a lot about it, but it wasn't clear to me why IoT testing mattered outside its own arena. ... "It's always been about functional testing," she said. "Let's make sure the software works and get it out the door." But concerns about how IoT works in the real world place new emphasis on nonfunctional types of testing, including performance and security, she said. That presents a career path for software testers who spot the opportunity. "QA pros should build up their resumes for nonfunctional testing skills."

In the age of smart devices, IoT, and ever more invasive advertisement practices, it becomes imperative that we build explicit consent into every feature that we build. What will happen if the next television ad asks Alexa to purchase twenty rolls of a certain brand of toilet paper every time the ad plays? What if Google Home plays ads for medication to a user who hasn’t told the rest of the family about their condition? What if Alexa outs an LGBTQ user to their family and puts them in danger? Or endangers a person trying to leave their abusive spouse by suggesting ads for self-defense classes and survival supplies based on their browser history? ... The easiest way to protect user privacy is to give users the information they need to make informed, consensual decisions to use our products and to not assume passive, implicit consent.

"The biggest mistake helpdesk professionals make is communicating with customers in ways that feel impersonal," said Jamie Domenici, VP of SMB marketing at Salesforce. "While it may be easier to use a script, or send a templated email when you are trying to respond to a customer quickly, the more work service teams put into building exceptional customer service experiences, the more they'll get out." While being polite is a must for a helpdesk professional, very formal language may alienate your client, said Eirini Kafourou, communications specialist at Megaventory. "We have noticed that the people who contact our customer support are usually feeling bad that they had to ask for help and try to ask as few questions as possible," she said. "Replying in a playful tone helps them relax and continue asking more, as if they had a friend helping them."

Quote for the day:

"It was character that got us out of bed, commitment that moved us into action, and discipline that enabled us to follow through." -- Zig Ziglar